diff options
author | Dan Nicholson <nicholson@endlessm.com> | 2019-10-15 11:55:22 -0600 |
---|---|---|
committer | Dan Nicholson <dbn@endlessos.org> | 2023-02-07 14:50:47 -0700 |
commit | 582d7071d2d56c6250e5b338df8c403a9917856e (patch) | |
tree | f62d9f60a1c89b8c5485b08ab49e2765c6f841f9 /src/ostree/ot-builtin-summary.c | |
parent | 1384267973de3908f5b29f5783b31ab3a7264be1 (diff) | |
download | ostree-582d7071d2d56c6250e5b338df8c403a9917856e.tar.gz |
bin/summary: Use ostree_repo_regenerate_metadata
Call `ostree_repo_regenerate_metadata` with the provided GPG and sign
keys to generate and sign the summary in one call. This changes the
handling when GPGME support is disabled but GPG keys are supplied.
Instead of silently ignoring the option, it will now error. IMO that's
better as callers would otherwise not know that the summary is not GPG
signed.
Diffstat (limited to 'src/ostree/ot-builtin-summary.c')
-rw-r--r-- | src/ostree/ot-builtin-summary.c | 65 |
1 files changed, 27 insertions, 38 deletions
diff --git a/src/ostree/ot-builtin-summary.c b/src/ostree/ot-builtin-summary.c index 2d6306a4..219af604 100644 --- a/src/ostree/ot-builtin-summary.c +++ b/src/ostree/ot-builtin-summary.c @@ -223,50 +223,39 @@ ostree_builtin_summary (int argc, char **argv, OstreeCommandInvocation *invocati return FALSE; } - /* Regenerate and sign the conventional summary file. */ - if (!ostree_repo_regenerate_summary (repo, additional_metadata, cancellable, error)) - return FALSE; - -#ifndef OSTREE_DISABLE_GPGME - if (opt_gpg_key_ids) - { - if (!ostree_repo_add_gpg_signature_summary (repo, - (const gchar **) opt_gpg_key_ids, - opt_gpg_homedir, - cancellable, - error)) - return FALSE; - } -#endif - if (opt_key_ids) + /* Regenerate and sign the repo metadata. */ + g_auto(GVariantBuilder) metadata_opts_builder = G_VARIANT_BUILDER_INIT (G_VARIANT_TYPE_VARDICT); + g_autoptr(GVariant) metadata_opts = NULL; + if (opt_gpg_key_ids != NULL) + g_variant_builder_add (&metadata_opts_builder, "{sv}", "gpg-key-ids", + g_variant_new_strv ((const char * const *) opt_gpg_key_ids, -1)); + if (opt_gpg_homedir != NULL) + g_variant_builder_add (&metadata_opts_builder, "{sv}", "gpg-homedir", + g_variant_new_string (opt_gpg_homedir)); + if (opt_key_ids != NULL) { - g_autoptr (GVariant) secret_keys = NULL; - g_autoptr (GVariantBuilder) sk_builder = NULL; - - sk_builder = g_variant_builder_new (G_VARIANT_TYPE_ARRAY); + g_auto(GVariantBuilder) sk_builder = G_VARIANT_BUILDER_INIT (G_VARIANT_TYPE_ARRAY); - char **iter; - for (iter = opt_key_ids; iter && *iter; iter++) + /* Currently only strings are used as keys for supported + * signature types. */ + for (const char * const *iter = (const char * const *) opt_key_ids; + iter != NULL && *iter != NULL; iter++) { - const char *keyid = *iter; - GVariant *secret_key = NULL; - - /* Currently only strings are used as keys - * for supported signature types */ - secret_key = g_variant_new_string (keyid); - - g_variant_builder_add (sk_builder, "v", secret_key); + const char *key_id = *iter; + g_variant_builder_add (&sk_builder, "v", g_variant_new_string (key_id)); } - secret_keys = g_variant_builder_end (sk_builder); - - if (! ostree_sign_summary (sign, - repo, - secret_keys, - cancellable, - error)) - return FALSE; + g_variant_builder_add (&metadata_opts_builder, "{sv}", "sign-keys", + g_variant_builder_end (&sk_builder)); } + if (opt_sign_name != NULL) + g_variant_builder_add (&metadata_opts_builder, "{sv}", "sign-type", + g_variant_new_string (opt_sign_name)); + + metadata_opts = g_variant_ref_sink (g_variant_builder_end (&metadata_opts_builder)); + if (!ostree_repo_regenerate_metadata (repo, additional_metadata, metadata_opts, + cancellable, error)) + return FALSE; } else if (opt_view || opt_raw) { |